diff --git a/dist/docker-scout_1.2.2_checksums.txt b/dist/docker-scout_1.2.2_checksums.txt
deleted file mode 100644
index 1498810..0000000
--- a/dist/docker-scout_1.2.2_checksums.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-fc1b2baae6a1d820b7a7c4fe1d2e419a5e388fcd890a56e44eaf0e0ff1fc2909 docker-scout_1.2.2_darwin_amd64.tar.gz
-96efce5e4a3ba0c320adcf9f677e6637fd803ef46be1987bdbfb46dd8729be57 docker-scout_1.2.2_darwin_arm64.tar.gz
-6b685afc55202138b1bc18ff83a8c8072cedd9958f0a3aaec2f418ca77aaf3b5 docker-scout_1.2.2_linux_amd64.tar.gz
-982443373d3fb31a3611a695ba778b59c67638ef8b9d27643efa358e8cd39cfa docker-scout_1.2.2_linux_arm64.tar.gz
-c858102d198e399dd3af7c5f3c725470f0229498c5dd40b8c45b62657e784c32 docker-scout_1.2.2_windows_amd64.zip
-ecad10f84851845138acafc6ecd5ba0edf4dca5fa8f5462e4f827cf05175705b docker-scout_1.2.2_windows_arm64.zip
diff --git a/dist/docker-scout_1.3.0_checksums.txt b/dist/docker-scout_1.3.0_checksums.txt
new file mode 100644
index 0000000..c69c0e9
--- /dev/null
+++ b/dist/docker-scout_1.3.0_checksums.txt
@@ -0,0 +1,6 @@
+327f886769fffdb3531b68cc5ab1ade50efb9b4ed4c264508acd4c9e2edb64c9 docker-scout_1.3.0_darwin_amd64.tar.gz
+149f32405693d9dcda14698ffc6914a53cfd5c3f5643c92e49ba6d2b08fe4e0d docker-scout_1.3.0_darwin_arm64.tar.gz
+68722f85b29f610b5d38ce2182209dd36a92749b187054400017f6f62b61a2de docker-scout_1.3.0_linux_amd64.tar.gz
+f236e26f49cb745b0bf6bdc8c78ada5d93f5f48bd2c23f037015b5dfe1851710 docker-scout_1.3.0_linux_arm64.tar.gz
+588864fac063072cb8ccb9684112b89b6562b7e04b2cfff64ff594e1ccd8043e docker-scout_1.3.0_windows_amd64.zip
+cb0f8d5b4deb17069a5b3f8ca94c8990c4f07791add10388542566d473c2187c docker-scout_1.3.0_windows_arm64.zip
diff --git a/dist/docker-scout_1.2.2_windows_amd64.zip b/dist/docker-scout_1.3.0_darwin_amd64.tar.gz
similarity index 68%
rename from dist/docker-scout_1.2.2_windows_amd64.zip
rename to dist/docker-scout_1.3.0_darwin_amd64.tar.gz
index 41ce12c..ab7aa3c 100644
Binary files a/dist/docker-scout_1.2.2_windows_amd64.zip and b/dist/docker-scout_1.3.0_darwin_amd64.tar.gz differ
diff --git a/dist/docker-scout_1.2.2_darwin_arm64.tar.gz b/dist/docker-scout_1.3.0_darwin_arm64.tar.gz
similarity index 67%
rename from dist/docker-scout_1.2.2_darwin_arm64.tar.gz
rename to dist/docker-scout_1.3.0_darwin_arm64.tar.gz
index c2ef880..26e67e0 100644
Binary files a/dist/docker-scout_1.2.2_darwin_arm64.tar.gz and b/dist/docker-scout_1.3.0_darwin_arm64.tar.gz differ
diff --git a/dist/docker-scout_1.2.2_linux_amd64.tar.gz b/dist/docker-scout_1.3.0_linux_amd64.tar.gz
similarity index 67%
rename from dist/docker-scout_1.2.2_linux_amd64.tar.gz
rename to dist/docker-scout_1.3.0_linux_amd64.tar.gz
index a4b8573..eecbaa7 100644
Binary files a/dist/docker-scout_1.2.2_linux_amd64.tar.gz and b/dist/docker-scout_1.3.0_linux_amd64.tar.gz differ
diff --git a/dist/docker-scout_1.2.2_linux_arm64.tar.gz b/dist/docker-scout_1.3.0_linux_arm64.tar.gz
similarity index 66%
rename from dist/docker-scout_1.2.2_linux_arm64.tar.gz
rename to dist/docker-scout_1.3.0_linux_arm64.tar.gz
index 868c615..ef6e293 100644
Binary files a/dist/docker-scout_1.2.2_linux_arm64.tar.gz and b/dist/docker-scout_1.3.0_linux_arm64.tar.gz differ
diff --git a/dist/docker-scout_1.2.2_darwin_amd64.tar.gz b/dist/docker-scout_1.3.0_windows_amd64.zip
similarity index 68%
rename from dist/docker-scout_1.2.2_darwin_amd64.tar.gz
rename to dist/docker-scout_1.3.0_windows_amd64.zip
index 314a1b1..bca1052 100644
Binary files a/dist/docker-scout_1.2.2_darwin_amd64.tar.gz and b/dist/docker-scout_1.3.0_windows_amd64.zip differ
diff --git a/dist/docker-scout_1.2.2_windows_arm64.zip b/dist/docker-scout_1.3.0_windows_arm64.zip
similarity index 66%
rename from dist/docker-scout_1.2.2_windows_arm64.zip
rename to dist/docker-scout_1.3.0_windows_arm64.zip
index 43881d3..0bb1671 100644
Binary files a/dist/docker-scout_1.2.2_windows_arm64.zip and b/dist/docker-scout_1.3.0_windows_arm64.zip differ
diff --git a/docs/docker_scout_cves.yaml b/docs/docker_scout_cves.yaml
index 28a8fdd..344e0d7 100644
--- a/docs/docker_scout_cves.yaml
+++ b/docs/docker_scout_cves.yaml
@@ -64,7 +64,7 @@ options:
- option: format
value_type: string
default_value: packages
- description: "Output format of the generated vulnerability report:\n- packages: default output, plain text with vulnerabilities grouped by packages\n- sarif: json Sarif output\n- spdx: json SPDX output \n- markdown: markdown output (including some html tags like collapsible sections)"
+ description: "Output format of the generated vulnerability report:\n- packages: default output, plain text with vulnerabilities grouped by packages\n- sarif: json Sarif output\n- spdx: json SPDX output \n- markdown: markdown output (including some html tags like collapsible sections)\n- sbom: json SBOM output"
deprecated: false
hidden: false
experimental: false
diff --git a/docs/scout_cves.md b/docs/scout_cves.md
index 51e2e58..db596d3 100644
--- a/docs/scout_cves.md
+++ b/docs/scout_cves.md
@@ -9,31 +9,31 @@ Display CVEs identified in a software artifact
### Options
-| Name | Type | Default | Description |
-|:-----------------------|:--------------|:-----------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `--details` | | | Print details on default text output |
-| `--env` | `string` | | Name of environment |
-| `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected |
-| `--format` | `string` | `packages` | Output format of the generated vulnerability report:
- packages: default output, plain text with vulnerabilities grouped by packages
- sarif: json Sarif output
- spdx: json SPDX output
- markdown: markdown output (including some html tags like collapsible sections)
|
-| `--ignore-base` | | | Filter out CVEs introduced from base image |
-| `--locations` | | | Print package locations including file paths and layer diff_id |
-| `--multi-stage` | | | Show packages from multi-stage Docker builds |
-| `--only-cve-id` | `stringSlice` | | Comma separated list of CVE ids (like CVE-2021-45105) to search for |
-| `--only-fixed` | | | Filter to fixable CVEs |
-| `--only-metric` | `stringSlice` | | Comma separated list of CVSS metrics (like AV:N or PR:L) to filter CVEs by |
-| `--only-package` | `stringSlice` | | Comma separated regular expressions to filter packages by |
-| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
-| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
-| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names |
-| `--only-unfixed` | | | Filter to unfixed CVEs |
-| `--only-vex-affected` | | | Filter CVEs by VEX statements with status not affected |
-| `--only-vuln-packages` | | | When used with --format=only-packages ignore packages with no vulnerabilities |
-| `--org` | `string` | | Namespace of the Docker organization |
-| `-o`, `--output` | `string` | | Write the report to a file. |
-| `--platform` | `string` | | Platform of image to analyze |
-| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with archive. |
-| `--vex-author` | `stringSlice` | | List of VEX statement authors to accept |
-| `--vex-location` | `stringSlice` | | File location of directory or file containing VEX statements |
+| Name | Type | Default | Description |
+|:-----------------------|:--------------|:-----------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `--details` | | | Print details on default text output |
+| `--env` | `string` | | Name of environment |
+| `-e`, `--exit-code` | | | Return exit code '2' if vulnerabilities are detected |
+| `--format` | `string` | `packages` | Output format of the generated vulnerability report:
- packages: default output, plain text with vulnerabilities grouped by packages
- sarif: json Sarif output
- spdx: json SPDX output
- markdown: markdown output (including some html tags like collapsible sections)
- sbom: json SBOM output
|
+| `--ignore-base` | | | Filter out CVEs introduced from base image |
+| `--locations` | | | Print package locations including file paths and layer diff_id |
+| `--multi-stage` | | | Show packages from multi-stage Docker builds |
+| `--only-cve-id` | `stringSlice` | | Comma separated list of CVE ids (like CVE-2021-45105) to search for |
+| `--only-fixed` | | | Filter to fixable CVEs |
+| `--only-metric` | `stringSlice` | | Comma separated list of CVSS metrics (like AV:N or PR:L) to filter CVEs by |
+| `--only-package` | `stringSlice` | | Comma separated regular expressions to filter packages by |
+| `--only-package-type` | `stringSlice` | | Comma separated list of package types (like apk, deb, rpm, npm, pypi, golang, etc) |
+| `--only-severity` | `stringSlice` | | Comma separated list of severities (critical, high, medium, low, unspecified) to filter CVEs by |
+| `--only-stage` | `stringSlice` | | Comma separated list of multi-stage Docker build stage names |
+| `--only-unfixed` | | | Filter to unfixed CVEs |
+| `--only-vex-affected` | | | Filter CVEs by VEX statements with status not affected |
+| `--only-vuln-packages` | | | When used with --format=only-packages ignore packages with no vulnerabilities |
+| `--org` | `string` | | Namespace of the Docker organization |
+| `-o`, `--output` | `string` | | Write the report to a file. |
+| `--platform` | `string` | | Platform of image to analyze |
+| `--ref` | `string` | | Reference to use if the provided tarball contains multiple references.
Can only be used with archive. |
+| `--vex-author` | `stringSlice` | | List of VEX statement authors to accept |
+| `--vex-location` | `stringSlice` | | File location of directory or file containing VEX statements |